GSOC/GSOC ProjectIdeas

From SPDX Wiki
Revision as of 19:21, 10 January 2019 by Swinslow (Talk | contribs)

Jump to: navigation, search

Welcome to the 2019 SPDX Google Summer of Code Project Page

See the proposal template if you are interested in submitting a Google Summer of Code proposal.

Should you have questions please do not hesitate to contact one of the mentors directly.

What is SPDX ?

First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.

As part of this effort we have developed a set of collateral that can be used:

Why choose an SPDX Project?

Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.

Getting Involved

Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.


SPDX Workgroup Tooling Projects

These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.

Update Parser Libraries for Golang

Update one of the SPDX Golang libraries to the SPDX 2.1 specification. The current implementation in the SPDX git repository was built for use with version 1.2 of the SPDX specification; the current specification is now at version 2.1, and is a major upgrade from 1.2 including support for relationships between SPDX documents and SPDX elements.

Skills Needed

  • Development skills in the Golang language
  • Experience with parser development
  • Understanding of RDF and XML

Background Information

SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, the Java libraries are the only official SPDX tools that support the new SPDX 2.1 specification. The Python libraries and the Golang libraries support version 1.2 of the spec.

A rewrite of the Golang tools for SPDX 2.1 is in process at, but does not yet support RDF. The libraries should support both RDF/XML import/export as well as tag/value import/export. The tools should also support newer formats such as JSON and YAML as the SPDX definition for those formats continues to be established.

Available Mentors

Steve Winslow Gary O'Neall

Additional Format Support for the Python Libraries

Add the ability to read and write XML, JSON, and YAML formats of the SPDX documents.

Skills Needed

  • Development skills in the Python language
  • Experience with parser development
  • Understanding of XML, JSON and YAML

Background Information

SPDX 2.1 specification supports reading and writing RDF/XML and a tag/value format for SPDX documents. Version 2.2 of the specification will add support for XML, JSON and YAML. The Python libraries currently support reading and writing the RDF/XML and tag/value. This project would extend the parsing and file generation capabilities of the python libraries to include XML, JSON and YAML format.

The current python libraries are in the [SPDX python tools git repository]

Available Mentors

Krys Nuvadga, Gary O'Neall

Port SPDX license expression library to Ruby, JavaScript and Java

The [[1]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python. The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.

Skills Needed

  • Development skills in Python, Java, Ruby, JavaScript.

Background Information

See and

Available Mentors

Philippe Ombredanne

SPDX Specification Projects

The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.

SPDX Specification in MarkDown

Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB

Skills Needed

  • Understanding of documentation tooling
  • Web-development skills to style HTML version

Background Information

The 2.1 SPDX specification PDF and HTML version have several issues. 1. Navigation through both document is difficult as a index is missing 2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community

Available Mentors

Kate Stewart Thomas Steenbergen Bradley M. Kuhn

SPDX Specification Wiki Examples of Package Managers

SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers

Skills Needed

  • Understanding of package managers

Background Information

To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development

Initial package managers:

  • Bower
  • CocoaPods
  • Gradle
  • gem
  • gitmodules
  • Maven
  • npm
  • PyPi
  • sbt
  • NuGet

Available Mentors

Thomas Steenbergen Kate Stewart

SPDX Specification Views for legal counsels and developers

The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.

Skills Needed

  • Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX

Background Information

SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold: 1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner. 2. Provide legal counsels with a "package and limited file view" to enable legal conclusions

Available Mentors

Steve Winslow Thomas Steenbergen Yev Bronshteyn